HP Client Automation Enterprise Infrastructure (Radia) Discloses Potentially Sensitive Information to Remote Users
|
|
SecurityTracker Alert ID: 1024191 |
|
SecurityTracker URL: http://securitytracker.com/id/1024191
|
|
CVE Reference:
CVE-2010-1972
(Links to External Site)
|
Date: Jul 13 2010
|
Impact:
Disclosure of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in HP Client Automation Enterprise Infrastructure. A remote user can obtain potentially sensitive information.
A remote user can issue an HTTP request to access the HP Client Automation (HPCA) log files.
The default configuration is affected.
Lars Heidelberg of adMERITia GmbH reported this vulnerability.
|
Impact:
A remote user can access the log files.
|
Solution:
The vendor has described configuration instructions in their advisroy to correct the vulnerability.
The vendor's advisory is available at:
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286740
|
Vendor URL: www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286740 (Links to External Site)
|
Cause:
Access control error, Configuration error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 13 Jul 2010 19:58:52 +0000
Subject: HPSBMA02555 SSRT100064 rev.1 - HP Client Automation Enterprise Infrastructure (Radia) Remote Disclosure of Information
|
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286740
CVE-2010-1972
|
|
